TY - GEN
T1 - Class-Conditioned Transformation for Enhanced Robust Image Classification
AU - Blau, Tsachi
AU - Ganz, Roy
AU - Baskin, Chaim
AU - Elad, Michael
AU - Bronstein, Alex M.
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - Robust classification methods predominantly concentrate on algorithms that address a specific threat model, resulting in ineffective defenses against other threat models. Real-world applications are exposed to this vulnerability, as malicious attackers might exploit alternative threat models. In this work, we propose a novel test-time, threat-model-agnostic algorithm that enhances Adversarially Trained (AT) models. Our method operates through COnditional image transformation and DIstance-based Prediction (CODIP) and includes two main steps: first, we transform the input image into each dataset class, where the input image might be either clean or attacked; next, we make a prediction based on the shortest transformed distance. The conditional transformation utilizes the perceptually aligned gradients property possessed by AT models and, as a result, eliminates the need for additional models or additional training. Moreover, it allows users to choose the desired balance between clean and robust accuracy without additional training. The proposed method achieves state-of-the-art results, demonstrated through extensive experiments on various models, AT methods, datasets, and attack types. Notably, applying CODIP leads to substantial robust accuracy improvements of up to +23%, +20%, +26%, and +22% on the CIFAR10, CIFAR100, ImageNet, and Flowers datasets, respectively. For more details, visit the project page.
AB - Robust classification methods predominantly concentrate on algorithms that address a specific threat model, resulting in ineffective defenses against other threat models. Real-world applications are exposed to this vulnerability, as malicious attackers might exploit alternative threat models. In this work, we propose a novel test-time, threat-model-agnostic algorithm that enhances Adversarially Trained (AT) models. Our method operates through COnditional image transformation and DIstance-based Prediction (CODIP) and includes two main steps: first, we transform the input image into each dataset class, where the input image might be either clean or attacked; next, we make a prediction based on the shortest transformed distance. The conditional transformation utilizes the perceptually aligned gradients property possessed by AT models and, as a result, eliminates the need for additional models or additional training. Moreover, it allows users to choose the desired balance between clean and robust accuracy without additional training. The proposed method achieves state-of-the-art results, demonstrated through extensive experiments on various models, AT methods, datasets, and attack types. Notably, applying CODIP leads to substantial robust accuracy improvements of up to +23%, +20%, +26%, and +22% on the CIFAR10, CIFAR100, ImageNet, and Flowers datasets, respectively. For more details, visit the project page.
KW - adversarial attacks
KW - computer vision
UR - http://www.scopus.com/inward/record.url?scp=105003626328&partnerID=8YFLogxK
U2 - 10.1109/WACV61041.2025.00637
DO - 10.1109/WACV61041.2025.00637
M3 - Conference contribution
T3 - Proceedings - 2025 IEEE Winter Conference on Applications of Computer Vision, WACV 2025
SP - 6538
EP - 6547
BT - Proceedings - 2025 IEEE Winter Conference on Applications of Computer Vision, WACV 2025
T2 - 2025 IEEE/CVF Winter Conference on Applications of Computer Vision, WACV 2025
Y2 - 28 February 2025 through 4 March 2025
ER -